[Pkg-openldap-devel] r1095 - in openldap/trunk/debian: . patches

vorlon at alioth.debian.org vorlon at alioth.debian.org
Mon Feb 11 07:36:42 UTC 2008


Author: vorlon
Date: 2008-02-11 07:36:42 +0000 (Mon, 11 Feb 2008)
New Revision: 1095

Added:
   openldap/trunk/debian/patches/sasl-cleartext-strncasecmp
Modified:
   openldap/trunk/debian/changelog
   openldap/trunk/debian/patches/series
Log:
* Add new patch, sasl-cleartext-strncasecmp, to correct a regression that
  prevented the use of the {CLEARTEXT} password scheme with SASL.

Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog	2008-02-11 07:07:38 UTC (rev 1094)
+++ openldap/trunk/debian/changelog	2008-02-11 07:36:42 UTC (rev 1095)
@@ -14,6 +14,8 @@
     using nss_ldap for host lookups.  Closes: #340601.
   * debian/libldap2-dev.manpages: install all of man3/* instead of
     enumerating specific manpages to install.  Closes: #320073.
+  * Add new patch, sasl-cleartext-strncasecmp, to correct a regression that
+    prevented the use of the {CLEARTEXT} password scheme with SASL.
 
  -- Steve Langasek <vorlon at debian.org>  Sat, 09 Feb 2008 18:02:00 -0800
 
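Review bot: The new changelog entry does not mention the upstream report, although the patch header added in this same revision says it was forwarded as ITS#5368. Citing ITS#5368 in the entry would let a later maintainer see from the changelog alone when the patch can be dropped.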

Added: openldap/trunk/debian/patches/sasl-cleartext-strncasecmp
===================================================================
--- openldap/trunk/debian/patches/sasl-cleartext-strncasecmp	                        (rev 0)
+++ openldap/trunk/debian/patches/sasl-cleartext-strncasecmp	2008-02-11 07:36:42 UTC (rev 1095)
@@ -0,0 +1,25 @@
+Author: Steve Langasek <vorlon at debian.org>
+
+Fix a regression introduced by wholesale replacement of strncasecmp()
+with ber_bvstrcasecmp(): this code deliberately used strncasecmp() to
+check for {CLEARTEXT} as an initial substring of the userPassword field,
+changing this to strcasecmp() breaks the use of the {CLEARTEXT} password
+scheme for sasl auth.
+
+Forwarded upstream as ITS#5368.
+
+Index: servers/slapd/sasl.c
+===================================================================
+--- servers/slapd/sasl.c	(revision 1086)
++++ servers/slapd/sasl.c	(working copy)
+@@ -237,7 +237,9 @@
+ 					 * past the scheme name, skip this value.
+ 					 */
+ #ifdef SLAPD_CLEARTEXT
+-					if ( !ber_bvstrcasecmp( bv, &sc_cleartext ) ) {
++					if ( !strncasecmp( bv->bv_val, sc_cleartext.bv_val,
++						sc_cleartext.bv_len ))
++					{
+ 						struct berval cbv;
+ 						cbv.bv_len = bv->bv_len - sc_cleartext.bv_len;
+ 						if ( cbv.bv_len > 0 ) {
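Review bot: The replacement condition in the sasl.c hunk calls strncasecmp( bv->bv_val, sc_cleartext.bv_val, sc_cleartext.bv_len ) without first checking that bv->bv_len is at least sc_cleartext.bv_len, so for a stored value shorter than the scheme name the prefix test is only bounded if bv->bv_val is NUL-terminated. The context line that follows, cbv.bv_len = bv->bv_len - sc_cleartext.bv_len, rests on the same assumption, and if bv_len is an unsigned type the cbv.bv_len > 0 test would not catch a wrapped result. Adding bv->bv_len >= sc_cleartext.bv_len && ahead of the strncasecmp() call would make the length requirement explicit and independent of termination. A one-line comment at the call stating that the prefix-only match is intentional would also guard against the same wholesale replacement being repeated.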

Modified: openldap/trunk/debian/patches/series
===================================================================
--- openldap/trunk/debian/patches/series	2008-02-11 07:07:38 UTC (rev 1094)
+++ openldap/trunk/debian/patches/series	2008-02-11 07:36:42 UTC (rev 1095)
@@ -13,3 +13,4 @@
 slapd-tlsverifyclient-default -p0
 gnutls-altname-nulterminated -p0
 getaddrinfo-is-threadsafe
+sasl-cleartext-strncasecmp -p0



